Climategate investigation closed – statute limit looms, cops impotent

Norfolk Constabulary has made the decision to formally close its investigation into the hacking of online data from the Climate Research Centre (CRU) at the University of East Anglia (UEA) in Norwich.

The decision follows a comprehensive investigation by the force’s Major Investigation Team, supported by a number of national specialist services, and is informed by a statutory deadline on criminal proceedings.

While no criminal proceedings will be instigated, the investigation has concluded that the data breach was the result of a ‘sophisticated and carefully orchestrated attack on the CRU’s data files, carried out remotely via the internet’.

Senior Investigating Officer, Detective Chief Superintendant Julian Gregory, said: “Despite detailed and comprehensive enquiries, supported by experts in this field, the complex nature of this investigation means that we do not have a realistic prospect of identifying the offender or offenders and launching criminal proceedings within the time constraints imposed by law.

“The international dimension of investigating the World Wide Web especially has proved extremely challenging.

“However, as a result of our enquiries, we can say that the data breach was the result of a sophisticated and carefully orchestrated attack on the CRU’s data files, carried out remotely via the internet. The offenders used methods common in unlawful internet activity to obstruct enquiries.

“There is no evidence to suggest that anyone working at or associated with the University of East Anglia was involved in the crime.”

The security breach was reported to Norfolk Constabulary on 20 November 2009, following publication of CRU data on the internet from 17 November onwards.

An investigation was launched by the joint Norfolk and Suffolk Major Investigation Team, led by Det Chief Supt Gregory, with some support from the The Met’s Counter Terrorism Command, the National Domestic Extremism Team and the Police Central e-crime Unit, along with consultants in online security and investigation.

The investigation, code-named Operation Cabin, focused on unauthorised access to computer material, an offence under the Computer Misuse Act 1990, which has a three year limit on proceedings from the commission of the original offence. It has been concluded by Norfolk Constabulary, in consultation with The Met, that due to outstanding enquiries this is now an unrealistic prospect.

Norfolk Assistant Chief Constable Charlie Hall, Protective Services lead, said: “Online crime is a global issue. While law enforcement agencies continue to develop our response to emerging threats, it falls upon individuals and organisations to be alert to this and and take steps to mitigate risk as far as is practicable.”

For irony’s sake, I say someone submit a FOIA request for access to the investigation’s records just to see what their evidence is of “a sophisticated and carefully orchestrated attack on the CRU’s data files”. Quite convenient to say they know it was a horrible, heinous, and sophisticated crime, but not a clue who did it. Plays too easily into the tin foil hat brigade’s tendency to see Big! Oil! behind everything.

For irony’s sake, I say someone submit a FOIA request for access to the investigation’s records just to see what their evidence is of “a sophisticated and carefully orchestrated attack on the CRU’s data files”.

Seconded!

I suspect there isn’t any evidence, and they’ve just given up, uttering something they believe people will swallow.

To bad the investigation into the unlawful hacking will not be completed. Several investigations have been completed as to the scientists and their work involved in this unlawful hacking and these investigations have shown the scientists to abide by the highest ethical standards. This stands in stark contrast to those who unlawfully steal and misquote emails. The distinction is astounding and shows the difference between those involved in scientific inquiry and those who are not.

Someone from the inside who was smart enough not to get caught could have done it from the outside since they would already know the passwords and security setup.

That way it would look like it was not an inside job. Basically, no one knows who did it. It had to be someone who did not believe the CAGW hard sell AND/OR someone who does not like liars, the politicization of science, and the wanton disregard of FOI requests.

“Despite detailed and comprehensive enquiries, supported by experts in this field, the complex nature of this investigation means that we do not have a realistic prospect of identifying the offender or offenders and launching criminal proceedings within the time constraints imposed by law.”

Hmmmmm — three years, with expert support, and they couldn’t track down a hacker? A bud who works for a Three-Letter Organization told me last year the longest it had ever taken him to trace a hack to the originating computer was a week.

Like your style Big D in TX. I work in media and communications in the UK and I can tell you that the journalistic reputation of the BBC has never been so low in the last 50 years. Richard Black and his editors are an embarrassment to British journalism – even the flagship Today programme on Radio 4 has lost its way on global warming. Simple example: Christopher Monckton is one of the world’s leading authorities on CAGW – and he has never appeared on the BBC and definitely NOT on the Today programme. They would not dare.

I would like to hear any of the evidence from which the Norfolk Constabulary are basing their unsupported propaganda claim. Not once in the last three years have they released any information to validate this position or their hunt for a boogeyman. I also second the FOI request. The police should be held accountable for their actions and if they have no evidence then they are derelict in their duties to the public with their irresponsible statements on this case.

“There is no evidence to suggest that anyone working at or associated with the University of East Anglia was involved in the crime.”

This is the only positive statement in the whole release. They could find no evidence for an inside source. That could merely mean no one at UEA admitted it, and they could find no traces of unauthorized access at UEA. That allows them to absolve UEA staff.

Then, as they could find no evidence inside UEA, they conclude the culprit was outside the University.

As they could find no evidence of an unauthorized access from outside UEA either, then that must mean the external culprit used v-e-e-r-r-r-y sophisticated methods to get in. Methods so sophisticated, they left no trace.

Hence, they can conclude, “the data breach was the result of a sophisticated and carefully orchestrated attack … carried out remotely via the internet”

Short version: We couldn’t find any evidence at all. As no one in the University confessed, we are relieved to note that UEA staff are all innocent (and Phil Jones is a put-upon saint). Therefore, the attacker must have been a malign outsider. One so extremely clever that he left behind no trace of his crime..

The Norfolk result will climb the eNGO proof charts to take its high place with the three inquiries that proved no decline-hiding wrong-doing by Phil Jones & co., and the Penn State inquiry that proved Michael Mann is driven-snow innocent.

To bad the investigation into the unlawful hacking will not be completed. Several investigations have been completed as to the scientists and their work involved in this unlawful hacking and these investigations have shown the scientists to abide by the highest ethical standards….

Bwahhhhahahahah! You mean like Dr. Phil Jones who was also saved by the statute of limitations after breaking the law???

As Norfolk plod couldn’t find their arse with both hands, it was always going to be a long-shot that they would turn up anything. As the commission of the act for climategate 1,2 & 3 was done at the same time presumably, I suppose Foia will soon be off the hook for the rest of the e-mails. I’d better get some popcorn in.

There was no desire to identify the culprit(s) for to do so would have resulted in some kind of charges and a likely show trial. This would have reopened all the issues that Climategate revealed, a result that the UK government does not want.

So there never was a chance that the perpetrators would be identified and caught.

I too would like to see some evidence for an external attack. As a professional in the area, I find that rather implausible, and consider an “inside man” job a much more likely scenario.

As for “sophisticated”, well, it’s usually not necessary to be awfully sophisticated to get into a University file server. Sorry, but it just isn’t. Too many tenured idiots complaining about “difficulty of access” to their ultra-important data sets and whatnot.

Computer security is a balancing act at the bet of times, and University environments tend to have lots of big thumbs on one pan.

sceptical says:
July 18, 2012 at 9:13 am
…
This stands in stark contrast to those who unlawfully steal and misquote emails.

The first part is probably a mindless first-pass guess on your part and can be forgiven; the second part however is either willful ignorance or stupidity since the “e-mails” are available for inspection, and since there is no cure for stupidity if that is the reason you can be forgiven for that as well …

Because the information was distributed via foreign Internet servers, they assume the acquisition of the information was done from outside the CRU via the Internet. Is that about it? As I recall, there was a hard drive involved that contained the emails and was part of the McKitrick FOI request. If correct, there would have been no trace of activity on the Internet indicating access to the internal servers from the outside. It could have been a simple copy of the hard drive used to distribute the information from an outside access to the Internet. The investigations were looking for something that wasn’t there.

“There is no evidence to suggest that anyone working at or associated with the University of East Anglia was involved in the crime.”
There is also no evidence to suggest that anyone NOT working at or associated with the University of East Anglia was involved in the crime.
Conclusion: The Norfolk Constabulary is utterly unprepared to deal with such events.

It’s like the Higgs Boson; they are slowly narrowing down the range, where that rascally hacker could be hiding. S/he is now believed to be somewhere between 170 deg West and 170 degrees East; so far they have managed to eliminate that large area around the dateline, where New Zealand can often be found, when they bother to draw whole maps.

“There is no evidence to suggest that anyone working at or associated with the University of East Anglia was involved in the crime.”

Truly a semantic delight.

If someone working at or associated with the University of East Anglia was involved would it be a crime? Is the copying and release of e-mails that should be subject to FOI by someone working at or associated with the University of East Anglia a crime?

Is there any evidence to suggest that everyone working at or associated with the University of East Anglia was NOT involved in the release of the information? (Absence of evidence is not evidence of absence.)

I look forward to seeing their evidence that the aquisition of the files was “…carried out remotely via the internet”.

Firstly they say that “the data breach was the result of a sophisticated and carefully orchestrated attack on the CRU’s data files, carried out remotely via the internet” which means one thing: they have proof (apparently) that this was a hack, and not an inside “whistle blower” job.

But then they say: “The offenders used methods common in unlawful internet activity to obstruct enquiries” which suggests they probably don’t have much evidence of anything at all.

So I agree with nuclearcannoli 100%: we need to ask specifically what this “evidence” is. I somehow suspect that police investigations will fall outside of the remit of the FOIA. This investigation is clearly firmly in the pocket of the establishment running the show. More whitewash bullshit. (Mods: Pardon my French, but it has to be said.)

“There is no evidence to suggest that anyone working at or associated with the University of East Anglia was involved in the crime.”

This is the only positive statement in the whole release. They could find no evidence for an inside source. That could merely mean no one at UEA admitted it, and they could find no traces of unauthorized access at UEA. That allows them to absolve UEA staff.

We don’t even know if they asked anyone at UEA, and we don’t know if they even looked for traces of internal actions.

I think it’s telling that their report didn’t state that any of the “…detailed and comprehensive enquiries, supported by experts in this field…” were directed at anyone associated with the University of East Anglia.

Ha!… Computers and network security are part of what I do for a living.
I am very convinced that the format, location and content of the files as well as the way the files were made public make it extremely unlikely that this was a “hacking” incident, “…carried out remotely via the internet”. Sorry… I didn’t buy it then… I buy it even less now.

sceptical says:
July 18, 2012 at 9:13 am
To bad the investigation into the unlawful hacking will not be completed. Several investigations have been completed as to the scientists and their work involved in this unlawful hacking and these investigations have shown the scientists to abide by the highest ethical standards. This stands in stark contrast to those who unlawfully steal and misquote emails. The distinction is astounding and shows the difference between those involved in scientific inquiry and those who are not.
===============================================================
We know that “the powers that were” at Penn State were willing to cover for a serial pedophile to protect the Univerity’s reputation. Those same authorities were the ones who investigated Mann.
Now what were you saying about “investigations have shown the scientists to abide by the highest ethical standards”? What were the ethical standards of the investigators?

got the sense from the getgo that the Norfolk Constabulary would just rather it all would go away. Calling in the counter terrorism command, the national domestic terrorism team and the e-Crime people got it off their blotter. Impounding Tallbloke’s computers for a time made it look to their political masters like something was being done. They could probably blame that on e-Crimes. It all served nicely to run out the time limitations so it does in fact, go away.

It’s out of their hair with a minimum of political fallout. Aside from inconveniencing Tallbloke, which wasn’t very nice, I can’t say I blame them.

There was never a chance of this getting anywhere near a court of law. Evidence given under a sworn oath, with severe penalties for perjury?
No way would they risk that, because that would mean game over for the global warming scam.

This lack of prosecution, or even any confirmation of what they did manage to find, is about as damning as it gets, to the veracity of the “evidence” provided by the high priests of AGW.

Yes….November 2012…. a time to look forward to Climategate 3. …..bring it on!

What this means is that if the “hackers” were remotely based, they had effectively free access to the CRU and UEA computer system and could wander where they felt like. That kind of data mass is not simply grabbed. Organizing it alone would have taken some serious work time. Looking at the first release, since it included practically up to the moment emails, it sounds more like absence of evidence than evidence of absence regarding insiders, continuous accumulation and organization of the data, right up to the moment of release.

It has been concluded by Norfolk Constabulary, in consultation with The Met, that due to outstanding enquiries this is now an unrealistic prospect.

“… due to outstanding enquiries …”: Is this the key phrase? That there have been requests for critical information that has not been provided, and will in not be provided (in the time-frame at least) that allow the investigation to go forward?

If UEA is not providing the required responses, then the investigation would be dead, wouldn’t it? As in “the victims are not cooperating with the police”.

False on its face.
1. Not “data files”, but the email server. Totally different thing. And not an attack; nothing was disturbed, garbled, or deleted. (Not that CRU has any data files, anyway. Philbert lost ‘em all in his terminally messy office. And mind.)
2. FOIA carefully purged the email addresses of both senders and receivers throughout. A dastardly criminul international hacker did that? Pull my finger …
3. FOIA explains his purpose, to force some ethics and transparency where little or none exists. And warns of far larger releases (via password for existing widely disseminated files) if things don’t shape up. This is an insider’s motivation, not an external hacker’s.

I wonder if the Norfolk Constabulary are aware that they are not just a local joke, but an international joke. If I’m ever in that area I will be sure to keep a firm grip on my wallet and property, since there appears to be no effective policing whatsoever.

After the last three days of runaround with various government authorities on a different criminal matter, all I have to say is I have yet to find a government official who could find his own A$$ with both hands unless there was a payoff involved.

John Broder, at the NY Times, at least uses the term “Climate change doubters”. He incorrectly states “The police put to rest speculation that the release was the work of a mischievous or disgruntled insider at the university’s Climatic Research Unit.” whereas in truth they stated “There is no evidence to suggest that anyone working at or associated with the University of East Anglia was involved in the crime.” (If they had had such evidence, they would have been an eventual arrest, I suppose).

>> Does this mean that the police-held hard drive will soon be again available for FOI searches?

Ah! My very first thought on reading this. UEA got out of releasing thier records on the technicality that they did not “possess” the said documents because the police had impounded the computer.

Now the police have decided to officially close the investigation, they will be returning the property to its rightful, legal owner. That means UEA will, once again, be “in possession” of the documents and will have no further grounds not to produce them.

A new FOIA request to UEA would seem to be in order, just in case they have forgotten the previous request and lest they should (ahem) lose the disk or something silly.

As for Norfolk Constabulary, thier silence over the past two years has pretty clearly been spent watching the clock tick on this one. You can bet if the perps were four young muslims they would have had no difficulty in finding where the “attack” came from.

sceptical says: July 18, 2012 at 9:13 am
To bad the investigation into the unlawful hacking will not be completed. Several investigations have been completed as to the scientists and their work involved in this unlawful hacking and these investigations have shown the scientists to abide by the highest ethical standards. This stands in stark contrast to those who unlawfully steal and misquote emails. The distinction is astounding and shows the difference between those involved in scientific inquiry and those who are not.
———————————————-
I suggest you read the emails themselves instead of taking the word from someone who has a conflict of interest.http://www.assassinationscience.com/climategate/
There is *obvious* misconduct from the “scientists” in which they game the peer review process, and incite the firing of a magazine editor who didn’t sufficiently toe the alarmist party line. etc.

Actually, it looks to me like the files came from the server used as a repository for backups of the mail server and other computers which is why many of the actual data files are available. Someone apparently swiped the files that were deposited on a different system in the course of some regularly scheduled backups.

So . . . a government agency reports a crime. ( I am presuming that EAU qualifies as governmental, since they are subject to ‘FOI’ requests.

The constabulary begins an investigation but in the end drops it when those in charge of said government agency fail to respond to certain enquiries.

How is that not gross misconduct of a public official? If you are able to make the complaint of a crime, as a public servant, then you are in fact required by law to assist law enforcement in their investigation. That’s not conjecture, that is the law. No public official is allowed to disregard a reasonable request from law enforcement in the conduct of their investigation. The bobbies need to tell us what was not produced.

Something is terribly rotten here. I suspect the cops know this was an inside job, have just about proven as much and are giving up out of frustration with Phil & co. They have, no doubt, conducted a forensic investigation into the file itself. This has certainly brought to their attention the idea that it took someone who knew a lot about the inner workings of EAU quite a while to compile all of emails and data files. And then to redact the email addresses before releasing it? Oh yeah, it’s got the Russian mop written all over it. You know, with their reputation for etiquette and so forth hanging in the balance.

That simple statement in the press release; ‘outstanding enquiries’ about says it all. At some point the citizens need to demand answers instead of one public official protecting another.

It is sad that Scotland Yard would put up with this. They wouldn’t have to.

This is a ridiculous charade – Plod knows more than it’s saying and I strongly suspect that what it isn’t saying is merely to spare some blushes at CRU. Nothing like an apolitical police force, eh? This is the same police force, incidentally, that regularly crows very publicly (all the time) about it’s increasingly ‘sophisticated’ online tech for catching international online child pornographers – but, somehow, they just can’t find a regular hacker…? Really? Pull the other one.

Climategate was, of course, an inside job – a whistleblower, in other words (although I prefer the term ‘hero’). The police won’t tell us that – instead they make themselves look foolish by deciding they’re not up to the job at hand and just close the case file. God forbid the actual facts should ever get into the public domain. Another dreary whitewash. How many is that, now..?

Get the evidence of a sophisticated hack from the Norfolk police…. via a FOIA request?
No chance, they won’t give it to you.
You’ll have to wait for an anonymous insider with access to police files to release the data. This will be against the wishes of the police, but the insider will argue moral principles as justification of his actions.
This event will be called ‘ Police Gate ‘.
Some of the data will be police emails.
e.g.
” I’d rather burn our evidence of a sophisticated attack than go public with it! ”
what are they afraid of? That the public might see it to be a made up travesty?

P. Solar unless say hardware meets a ‘tragic accident’ on its way back to being used by CRU , after all it not been powered on all this time , so its to be ‘expected ‘ that when it is something ‘could go wrong ‘
Of they could just stick in a box with some really strong magnets, which they ‘had no idea where in there too’ , and yes that one has been done before.

There was no desire to identify the culprit(s) for to do so would have resulted in some kind of charges and a likely show trial. ….
_________________________
WORSE, If the release was from an insider who was upset about Jones and his evasion of the FOI requests it would become a Whistleblower case and evidence about why the release was done by the Whistleblower would have been very damning for the cause. Therefore it was always best to bury the whole investigation as deep as possible and point fingers towards a nebulous “…sophisticated and carefully orchestrated attack on the CRU’s data files….”

….the founder of Cyber Defense Agency in Wisconsin Rapids, Wisconsin, said in an interview this year before the latest attacks. “There are two perpetrators that are most concerning. One is organized crime, the other is nation-states, and they are both quite serious.”

Chinese-based hackers gained access to private Gmail accounts of senior U.S. officials and journalists this month, according of Google Inc. Defense contractor Lockheed Martin Corp. was hacked in May. Computers at Hopkinton, Massachusetts- based EMC Corp.’s RSA Security division were infiltrated in March by hackers who stole technology used to protect other U.S. government and corporate networks…..

What a complete waste of public money this investigation was. It has been obvious from the very start that the emails were leaked from the inside but that was too embarrassing a scenario for the powers that be to contemplate so we had to have this farce of a police investigation. Even though this is Norfolk Police we are talking about I don’t believe that they are completely incompetent. As others have said nobody confessed but, also as others have said if they had any half decent IT experts working for them they must know where the leak came from – but they aren’t saying.

>>
I trust that when UEA receive their server back, they do not promptly “wipe it”.
I reckon an FOI for all emails contained on this server is in order and quickly.
>>

That would probably be a criminal act. Deleteing or destroying information that is subject ot possible FIOA requests.

Since this information has already been the subject of such a request and the only reason that ICO tribunal allowed the non release was that UEA did not “possess” the said information, there is no question that the material is subject to such a request.

In view of the change of circumstances, a new request would probably be in order and a complaint should be registered within the three month limition period, in the (unlikely?) event that UEA should prevaricate or refuse.

I think it is a safe bet that something is coming soon. I’ll bet whoever is behind it is waiting for something profound to be put out by the Hockey Team or its supporters.
___________________________________
The US elections are in November 2012 and the Australian Election in 2013. Working Group Reports of the IPCC Fifth Assessment Report (AR5) are to be published between 2013 and 2014.

So there are lots of dates to choose from but a dribble in the fall of this year seems likely with more in the fall next year.

Maybe the police report is somewhat correct; there was no crime, it was a whistle-blower. Will the reward be 10% and where does it come from? Will there be racketeering and fraud charges eventually filed against the perpetrators of funding and scientific fraud? Will assets be seized? Will multiple charges be filed against the players or will it be consolidated into one ongoing racketeering charge for each? Will convictions and incarceration terms run concurrently or consecutively? Will they just keep playing the victim card? Will they just keep playing the appeal of authority card?

Inside, outside … who knowns. I wouldn’t jump to conclusions. Nobody is safe against a competent hacker. Absolutely nobody. Regarding the quality of police investigations, I had a bit of experience. I asked the UK police to investigate the theft of my laptop. I thought it would be a piece of cake because it showed up online just 20 minutes after it had been stolen and kept reporting its address through DynDNS. It continued to do so for three years, after which time I needed that name and claimed it for another machine. But I gave up waiting for the police to help much earlier. It took them eight months to obtain the disclosure paperwork for the first few addresses I gave them, and sure enough, by then the traces went cold.

I even talked to the members of the internet crime unit in London about it, and they confirmed it should have been a piece of cake, but told me they would be helpless in that case because the town where my laptop was stolen was outside their jurisdiction.

So it seems like hackers are safe attacking targets in the UK; outside London for sure. Not that I ever wanted the Climategate hacker to get caught, but I suspect it was a futile endeavour from the start.

Hmm, interesting. I suppose it would depend if there could be another type of crime considered (I won’t give them ideas). I still wouldn’t advertise myself once the deadline is up if I was FOIA. Especially as they keep trying to make scepticism a crime against humanity. The police might be fed up with it but certain people must still want revenge and they’d be backed all the way by organisations like GreenPeace or the Guardian.

And such a conclusion comes in at a convenient time when the government has just finished its ‘Summer seminars’ on the forthcoming Communications Bill – which – from the seminar I attended and stuck my oar in, made clear that further screwing with the internet here in Old Blighty is most definitely in the frame and regulation of bloggers is *still* being considered.

I’ll be putting an FOI request in tomorrow.

On the good news front however, I can’t recommend to my fellow Brits enough that you go see the ‘Yes Prime Minister’ theatre show now on. I think it just created dozens of climate sceptics in the show I just attended and bodes very well indeed for the forthcoming new series. Methinks we have a couple of new allies on the sceptic side in the form of satirical writers Antony Jay and Jonathan Lynn……

FOIA = A member of the house of lords or parliament – or an assistant/associate thereof providing the skills necessary to hide the obvious under direction.

When the police figured this out – and realized the whole thing was a political maneuver to counteract the blatant scam AGW is, they backed off really quick.

The bobbies, constables, investigators, solicitors, etc., appreciate being able to punch the clock, go home, eat a nice dinner and sleep in peace.

FOIA will release another batch – knowing full well that while the police can do a duck once – they can’t do it twice because a member of the house of lords or parliament that is pro-AGW will foolishly press for direct action.

Only then will it really play out – and heads roll.

However the heads that roll will not be the heads of politicians, but those of scientists – rightfully or wrongfully. Even when a political showdown becomes a farce that falls apart – a head always rolls and more often than not – it’s that of someone a step below that of the politicians in question.

REPLY: Mosher has a speculation as to who it is, not an established fact. My speculation is that the person is familiar enough with UEA’s system they fooled the cops into thinking it was an outside job…which given their plodding, probably wasn’t that hard to do. Remember, the security at UEA/CRU was dismal, and they were so dumb that they thought they were chasing a “mole” (a fun character setup by McIntyre and myself in blog postings) when in fact the “secret file” was out in the open on a public FTP server. – Anthony

“…. we can say that the data breach was the result of a sophisticated and carefully orchestrated attack on the CRU’s data files, carried out remotely via the internet. The offenders used methods common in unlawful internet activity to obstruct enquiries.

A much simpler and less complicated scenario would be someone with inside access. No fancy super “7337” skills really needed. A little more complicated would be lifting the data off if a cloned drive that was in for repair.

Did someone mention Occam’s razor? No? Never mind.

“There is no evidence to suggest that anyone working at or associated with the University of East Anglia was involved in the crime.”

“…It’s a twap I tell you ! They don’t really know anything, granted, they are just hoping, waiting for that pending release of the password for that last stack of damning emails…”

And, since they’ve dragged their feet so long (allowing the statute of limitations to run out), the “hacker” is now free to release the remainder of the emails. Expect the final release sometime after the 17th of November.

TinyCO2 said (July 18, 2012 at 12:20 pm)

“…Sadly for our information liberator there is no statute of limitations in the UK…”

Well, according to the original post “…The investigation, code-named Operation Cabin, focused on unauthorised access to computer material, an offence under the Computer Misuse Act 1990, which has a three year limit on proceedings from the commission of the original offence…”

So, there does appear to be a statute of limitations in the UK for this offence.

The police are on a hiding to nothing here, I fear, and they had to drop this hot potato as quickly as they could.
I don’t doubt that they’ve asked the ‘correct’ questions, got the answers they’ve got and were unable to push harder as they may have been tipped the wink not to press too hard. National interest stuff old chap if you know what I mean; straight out of Yes Minister.
Let’s not underestimate the Plod. They’re nobodies fools and I wouldn’t like to cross a senior officer who has been pressuried into being a patsy especially given the comparitively young age that many retire from the force.
I find it interesting that this case has been publically closed with some months still free to fall within the three-year rule or whatever actual time applies!
Case closed, equipment needed for examination now available for return to ‘injured’ party; potato safely back in UEA’s hands.
Will they now be able to re-use that old chestnut; ‘The dog has eaten my homework, again!’
Nice one officer!

“There is no evidence to suggest that anyone working at or associated with the University of East Anglia was involved in the crime.”

This is the only positive statement in the whole release. They could find no evidence for an inside source. That could merely mean no one at UEA admitted it, and they could find no traces of unauthorized access at UEA. That allows them to absolve UEA staff.

And as the only positive statement – it is demonstrably false.

The climategate emails are not a simple mail server dump. They are a selection of that appear to match the FOIA requests that CRU repeatedly refused to comply with. The mail server at CRU would have been full of emails of all sorts. But the Climategate emails were a careful selection all very apposite. Anyone that has worked with these kind of servers knows the huge amount of work involved parsing your way through a mail server, looking for those emails that are on or related to the subject and discarding those not wanted. I didn’t see any routine emails in the Climategate dump – no spam, no university business etc. But there would have been a huge amount of non-climate emails. The work-factor for an intruder even an APT would have been considerable.“However, as a result of our enquiries, we can say that the data breach was the result of a sophisticated and carefully orchestrated attack on the CRU’s data files, carried out remotely via the internet. The offenders used methods common in unlawful internet activity to obstruct enquiries.”
It is quite rare to find a sophisticated hacker with a specific interest in climate science. This ‘rare beast would also have to know that there were incriminating emails to actually find on an unencrypted mail server. Then after downloading a HUGE mail file which would take time on its own. Then work for a long time searching for the appropriate ‘incriminating emails with a knowledge of whose emails were important and whose weren’t sometimes due to throwaway lines in the emails, and discarding the dross routine emails which would be the majority..

And the payback? No attempt appears to have been made to make money out of the emails. They were sent to various news outlets (showing a trusting faith in the investigative journalists who only deal with cut and pastes frrom AP and Reuters). Then the sorted Climategate dump was left on a Russian server with messages to appropriate blogs such as Tallblokes Talkshop.

This was not the work of a hacker this was the work of someone with continual access to CRU and a subject matter expert in the climate business, its wrinkles and the people involved both local and international. It could even have been someone who had been tasked with answering the FOIA and then after doing all the work was told to scrap it as we are not going to answer it. It is stretching credulity too much to accept that this was a ‘simple’ outside hack by a blackhat ‘denier’.

The police in the UK are being forced by the government to make savings of £2.4bn by 2015. This means a loss of 34,400 police jobs, including civilian staff, by 2015. Of these 15,000 police officers are to lose their jobs about half of whom do non-frontline work (computers for example). In addition 179 police stations are to close and of those remaining,1 in 5 will lose their front counters.

Norfolk police will lose 162 officers and 375 civilian staff to achieve budget cuts over three years of £24 million. Norfolk officers were amongst 20,000 police officers who demonstrated in London on May 10 against the government’s policies.

To me a key statement from the Norfolk Constabulary is the concluding one:
“While law enforcement agencies continue to develop our response to emerging threats, it falls upon individuals and organisations to be alert to this and and take steps to mitigate risk as far as is practicable.”

In other words the UEA/CRU should have had better security which might have prevented the loss of emails in the first place in which case the Norfolk police wouldn’t have been made to look silly and had to waste their time on the digital blatherings of a bunch of academics.

The police say they were competent enough to determine it was a sophisticated hack. But they say they can’t trace it down to an origin? My goodness, how many people in silicon valley could trace it to an origin. Pulease! If they can’t trace it then they don’t know what they’re doing in the first place. So saying it was sophisticated is euphemistic for “hey, we’re totally lost, it’s over our heads, we weren’t trained for this. Besides, it’s just not important enough to expend resources on solving it”.

What’s the rat I smell? Maybe political paradigms make one not want to press the issue for fear real details would come out that would puncture the good ship global warming. But maybe I go to far with that.

Why do some people here apparently suspect the Norfolk police being in support of a particular narrative – in effect part of a coverup? While I can see the possibility of incompetence, a deliberate attempt to hew to a storyline seems rather improbable to me.

To me it sounds like they couldn’t find s___t. The reference to an outside hack would still hold true even if the person responsible worked there or was familiar with the system.

All this changes is the sideshow argument regarding Climategate and Glieckgate comparisons. It does nothing with regard to the content of the emails and what they reveal.

‘Why do some people here apparently suspect the Norfolk police being in support of a particular narrative – in effect part of a coverup?’
Agree with your question, timg56; I strongly feel that the Norfolk police have done as well as the cards they were dealt could not have been played any better.
‘To me it soundsc like they couldn’t find s___t.’
Think you’re wrong there; They would be more than competent at finding ordure but ’tis harder to prove it!
‘The reference to an outside hack ould still hold true even if the person responsible worked there or was familiar with the system’
Agree but that, in no way, weakens their argument that they followed procedure within the remit they were involved with
‘All this changes is the sideshow argument regarding Climategate and Glieckgate comparisons. It does nothing with regard to the content of the emails and what they reveal’
Agree, again, and that is why the police have washed their hands on the politics and let loose the hounds!

mm… someone very close to the center of all the action??
a distant hacker would not seem to have any reason or need for such misdirection
(well unless it were some added layer of misdirection, to make it seem to the most observant that it was an insider trying to misdirect to an outsider who …. nah, too much subtlety for any “outside” hacker to care about, I would guess)

Steven Mosher says:
July 18, 2012 at 6:05 pm
Ian
“The climategate emails are not a simple mail server dump. They are a selection of that appear to match the FOIA requests that CRU repeatedly refused to comply with.”
they are not a human made selection.
They are not mails selected in response to FOIA
You may well be proven right, moshpit, but please point out the relevance of your post vis a vis the integrity exhibited by CRU compared with the ‘publish and be (slightly) damned by the circumspection of Madame FOIA (of whatever gender)
Some claim that you know the identity of FOI but I’m with you on this. You know nowt! Keep up the good work

Too bad that they didn’t provide any evidence to actually dispel the theory that RC/FOIA “was a disgruntled UEA employee”. Nor do I believe anything that Acton says on this matter without corroborating evidence – which has notably not been provided here.

If they’d resisted the temptation to embellish – “carefully orchestrated” for example – they’d have had a better chance of people accepting a statement. But such embellishments make it impossible to accept this without corroboration (bold added by me)

If the mail server is using a mirrored RAID, would one hard in the array have all the emails, thus replace one hard drive in the array walk out with the goods??? Sort out the hard drive at some other location.

Climategate 3 will probably happen short before the the next UNEP/IPCC(UNEPFCCC) “report” ?
It must be very undermining for the The Team’s members morale to know that short before their policy based propaganda “claims” are put forward new Climategate e-mails will be made public.
E-mails that show that the IPCC reports are not scientific but instead politics to support the UNFCCC and it’s radical UNEP policy based claims to promote a radical change of society.
And the fun part of this is that it’s going to be The Teams own written words in leaked internal e-mails that clearly show that the reports claims that they are making public is not science but policy based solely and only on the UNFCCC.
In other words ” the things we are going to tell you now is just policy based lies”.

I am not normally one to engage in conspiracy theories and I am not sure I go with the conspriacy theories propounded here. However, I notice the coincidence that UK Parliament (HoC and Lords) broke up last week for the “summer” break so MPs are not able able to raise questions in the House to get more information from Government ministers.

Possibly a guide to Norfolk Constabulary’s timing of this announcement.

Didn’t believe their “it was a hack from the internet” when they first produced it; no reason to believe it now. It sounds like the attack dogs were getting nowhere and their owner decided to call them off.

Remotely. OK, remotely from where? If you know that the attack came from outside you should at least be able to get an idea of where outside. Russia? China? USA? UK? Surely it would be worthwhile to know….

“While no criminal proceedings will be instigated, the investigation has concluded that the data breach was the result of a ‘sophisticated and carefully orchestrated attack on the CRU’s data files, carried out remotely via the internet’.

BTW, the information gathered by the Norfolk Constabulary is almost certainly not available through FOI requests as likely involving a) a criminal investigation b) information from security serives c) international implications with foreign countries and more.

Remotely may simply mean a VPN connection from inside UEA to a non-logging VPN hoster and back in through the firewall via an open port exploiting any number of vulnerabilities or bad setup.

Grabbing a single HDD from the SAN rack won’t get anyone far. A large institution like this will have a high level RAID (i.e. RAID6) with additional data duplication and volume spanning going. Any single HDD only contains unrecoverable gibberish, getting to it requires physical access to the server room and pulling it will trigger an alert to the admin (and possibly the manufacturer to ship a replacement part and send a technician to install it by presuming hardware failure). Removing the full shelf to take home is quite inconceivable.

I am enjoying all of this very much, and dearly hope Mosher writes a book about it one day. Some thriller it would be, even without any bodies (Which I dearly hope never happens. Professional reputations can deservedly die, yes, but not any actual people).

Sincerely, an American schoolteacher posting this afternoon from Yorkshire, as I’m sure any competent hacker could easily determine. :)